{"id":"https://openalex.org/W2115175195","doi":"https://doi.org/10.1109/dsn.2008.4630086","title":"Towards an understanding of anti-virtualization and anti-debugging behavior in modern malware","display_name":"Towards an understanding of anti-virtualization and anti-debugging behavior in modern malware","publication_year":2008,"publication_date":"2008-06-01","ids":{"openalex":"https://openalex.org/W2115175195","doi":"https://doi.org/10.1109/dsn.2008.4630086","mag":"2115175195"},"language":"en","primary_location":{"id":"doi:10.1109/dsn.2008.4630086","is_oa":true,"landing_page_url":"https://doi.org/10.1109/dsn.2008.4630086","pdf_url":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=4630086","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2008 IEEE International Conference on Dependable Systems and Networks With FTCS and DCC (DSN)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=4630086","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100387708","display_name":"Chen Xu","orcid":"https://orcid.org/0000-0002-1198-4178"},"institutions":[{"id":"https://openalex.org/I27837315","display_name":"University of Michigan\u2013Ann Arbor","ror":"https://ror.org/00jmfr291","country_code":"US","type":"education","lineage":["https://openalex.org/I27837315"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Xu Chen","raw_affiliation_strings":["University of Michigan - Ann Arbor, USA","Michigan University, Ann arbor, MI"],"affiliations":[{"raw_affiliation_string":"University of Michigan - Ann Arbor, USA","institution_ids":["https://openalex.org/I27837315"]},{"raw_affiliation_string":"Michigan University, Ann arbor, MI","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5059021746","display_name":"J.H. Andersen","orcid":null},"institutions":[{"id":"https://openalex.org/I27837315","display_name":"University of Michigan\u2013Ann Arbor","ror":"https://ror.org/00jmfr291","country_code":"US","type":"education","lineage":["https://openalex.org/I27837315"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jon Andersen","raw_affiliation_strings":["University of Michigan - Ann Arbor, USA","Michigan University, Ann arbor, MI"],"affiliations":[{"raw_affiliation_string":"University of Michigan - Ann Arbor, USA","institution_ids":["https://openalex.org/I27837315"]},{"raw_affiliation_string":"Michigan University, Ann arbor, MI","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5012670041","display_name":"Zeyu Mao","orcid":"https://orcid.org/0000-0003-0841-5123"},"institutions":[{"id":"https://openalex.org/I27837315","display_name":"University of Michigan\u2013Ann Arbor","ror":"https://ror.org/00jmfr291","country_code":"US","type":"education","lineage":["https://openalex.org/I27837315"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Z. Morley Mao","raw_affiliation_strings":["University of Michigan - Ann Arbor, USA","Michigan University, Ann arbor, MI"],"affiliations":[{"raw_affiliation_string":"University of Michigan - Ann Arbor, USA","institution_ids":["https://openalex.org/I27837315"]},{"raw_affiliation_string":"Michigan University, Ann arbor, MI","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5045573429","display_name":"Michael Bailey","orcid":"https://orcid.org/0009-0004-8425-993X"},"institutions":[{"id":"https://openalex.org/I27837315","display_name":"University of Michigan\u2013Ann Arbor","ror":"https://ror.org/00jmfr291","country_code":"US","type":"education","lineage":["https://openalex.org/I27837315"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Michael Bailey","raw_affiliation_strings":["University of Michigan - Ann Arbor, USA","Michigan University, Ann arbor, MI"],"affiliations":[{"raw_affiliation_string":"University of Michigan - Ann Arbor, USA","institution_ids":["https://openalex.org/I27837315"]},{"raw_affiliation_string":"Michigan University, Ann arbor, MI","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5051000370","display_name":"Jose Nazario","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Jose Nazario","raw_affiliation_strings":["Arbor Networks, USA","[Arbor Networks, USA]"],"affiliations":[{"raw_affiliation_string":"Arbor Networks, USA","institution_ids":[]},{"raw_affiliation_string":"[Arbor Networks, USA]","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5100387708"],"corresponding_institution_ids":["https://openalex.org/I27837315"],"apc_list":null,"apc_paid":null,"fwci":12.153,"has_fulltext":false,"cited_by_count":280,"citation_normalized_percentile":{"value":0.98911769,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":97,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"177","last_page":"186"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9976000189781189,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.9112778902053833},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.7481174468994141},{"id":"https://openalex.org/keywords/botnet","display_name":"Botnet","score":0.7431780099868774},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.73759526014328},{"id":"https://openalex.org/keywords/cryptovirology","display_name":"Cryptovirology","score":0.5908253192901611},{"id":"https://openalex.org/keywords/debugging","display_name":"Debugging","score":0.5825360417366028},{"id":"https://openalex.org/keywords/malware-analysis","display_name":"Malware analysis","score":0.5585207343101501},{"id":"https://openalex.org/keywords/phishing","display_name":"Phishing","score":0.5240031480789185},{"id":"https://openalex.org/keywords/evasion","display_name":"Evasion (ethics)","score":0.4762853980064392},{"id":"https://openalex.org/keywords/denial-of-service-attack","display_name":"Denial-of-service attack","score":0.47328561544418335},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.17533624172210693},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.1500970423221588}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.9112778902053833},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7481174468994141},{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.7431780099868774},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.73759526014328},{"id":"https://openalex.org/C84525096","wikidata":"https://www.wikidata.org/wiki/Q3506050","display_name":"Cryptovirology","level":3,"score":0.5908253192901611},{"id":"https://openalex.org/C168065819","wikidata":"https://www.wikidata.org/wiki/Q845566","display_name":"Debugging","level":2,"score":0.5825360417366028},{"id":"https://openalex.org/C2779395397","wikidata":"https://www.wikidata.org/wiki/Q15731404","display_name":"Malware analysis","level":3,"score":0.5585207343101501},{"id":"https://openalex.org/C83860907","wikidata":"https://www.wikidata.org/wiki/Q135005","display_name":"Phishing","level":3,"score":0.5240031480789185},{"id":"https://openalex.org/C2781251061","wikidata":"https://www.wikidata.org/wiki/Q5416089","display_name":"Evasion (ethics)","level":3,"score":0.4762853980064392},{"id":"https://openalex.org/C38822068","wikidata":"https://www.wikidata.org/wiki/Q131406","display_name":"Denial-of-service attack","level":3,"score":0.47328561544418335},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.17533624172210693},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.1500970423221588},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C8891405","wikidata":"https://www.wikidata.org/wiki/Q1059","display_name":"Immune system","level":2,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C203014093","wikidata":"https://www.wikidata.org/wiki/Q101929","display_name":"Immunology","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/dsn.2008.4630086","is_oa":true,"landing_page_url":"https://doi.org/10.1109/dsn.2008.4630086","pdf_url":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=4630086","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2008 IEEE International Conference on Dependable Systems and Networks With FTCS and DCC (DSN)","raw_type":"proceedings-article"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.217.5050","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.217.5050","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://www.eecs.umich.edu/~zmao/Papers/DCCS-xu-chen.pdf","raw_type":"text"}],"best_oa_location":{"id":"doi:10.1109/dsn.2008.4630086","is_oa":true,"landing_page_url":"https://doi.org/10.1109/dsn.2008.4630086","pdf_url":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=4630086","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2008 IEEE International Conference on Dependable Systems and Networks With FTCS and DCC (DSN)","raw_type":"proceedings-article"},"sustainable_development_goals":[{"score":0.46000000834465027,"display_name":"Life in Land","id":"https://metadata.un.org/sdg/15"}],"awards":[],"funders":[],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2115175195.pdf","grobid_xml":"https://content.openalex.org/works/W2115175195.grobid-xml"},"referenced_works_count":30,"referenced_works":["https://openalex.org/W23711711","https://openalex.org/W58093798","https://openalex.org/W78162143","https://openalex.org/W124732759","https://openalex.org/W198543417","https://openalex.org/W1529311848","https://openalex.org/W1564075167","https://openalex.org/W1604135736","https://openalex.org/W1714781699","https://openalex.org/W1903377156","https://openalex.org/W1968632081","https://openalex.org/W2107135371","https://openalex.org/W2117030266","https://openalex.org/W2127133592","https://openalex.org/W2134073393","https://openalex.org/W2138644293","https://openalex.org/W2147767253","https://openalex.org/W2171770082","https://openalex.org/W2293069947","https://openalex.org/W2294049595","https://openalex.org/W4205777466","https://openalex.org/W4285719527","https://openalex.org/W4292106049","https://openalex.org/W6601006388","https://openalex.org/W6602389413","https://openalex.org/W6603143691","https://openalex.org/W6605099366","https://openalex.org/W6631540460","https://openalex.org/W6636207123","https://openalex.org/W6676062913"],"related_works":["https://openalex.org/W2469507153","https://openalex.org/W2008790809","https://openalex.org/W2591653665","https://openalex.org/W2504756161","https://openalex.org/W2913406603","https://openalex.org/W1986316433","https://openalex.org/W4388686503","https://openalex.org/W2403995870","https://openalex.org/W2470029541","https://openalex.org/W4387065217"],"abstract_inverted_index":{"Many":[0],"threats":[1],"that":[2,132],"plague":[3],"today\u2019s":[4],"networks":[5,32],"(e.g.,":[6],"phishing,":[7],"botnets,":[8],"denial":[9],"of":[10,19,30,42,55,95,103,112,122],"service":[11],"attacks)":[12],"are":[13],"enabled":[14],"by":[15,115],"a":[16,92,100,128],"complex":[17],"ecosystem":[18],"attack":[20],"programs":[21],"commonly":[22],"called":[23],"malware.":[24],"To":[25,84],"combat":[26,85],"these":[27,31,48,73,123],"threats,":[28],"defenders":[29,79],"have":[33,63,90],"turned":[34],"to":[35,46,68,81,118,126,138,144],"the":[36,66,110,120],"collection,":[37],"analysis,":[38],"and":[39,52,70,98,137],"reverse":[40],"engineering":[41],"malware":[43,61,97,104,135],"as":[44],"mechanisms":[45],"understand":[47],"programs,":[49],"generate":[50,127],"signatures,":[51],"facilitate":[53],"cleanup":[54],"infected":[56],"hosts.":[57],"Recently":[58],"however,":[59],"new":[60,142],"instances":[62],"emerged":[64],"with":[65],"capability":[67],"check":[69],"often":[71],"thwart":[72],"defensive":[74],"activities":[75],"\u2014":[76],"essentially":[77],"leaving":[78],"blind":[80],"their":[82],"activities.":[83],"this":[86,113],"emerging":[87],"threat,":[88],"we":[89],"undertaken":[91],"robust":[93],"analysis":[94],"current":[96],"developed":[99],"detailed":[101],"taxonomy":[102,114],"defender":[105],"fingerprinting":[106,130],"methods.":[107],"We":[108],"demonstrate":[109],"utility":[111],"using":[116],"it":[117],"characterize":[119],"prevalence":[121],"avoidance":[124],"methods,":[125],"novel":[129],"method":[131],"can":[133],"assist":[134],"propagation,":[136],"create":[139],"an":[140],"effective":[141],"technique":[143],"protect":[145],"production":[146],"systems.":[147]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":7},{"year":2023,"cited_by_count":11},{"year":2022,"cited_by_count":6},{"year":2021,"cited_by_count":18},{"year":2020,"cited_by_count":14},{"year":2019,"cited_by_count":24},{"year":2018,"cited_by_count":28},{"year":2017,"cited_by_count":31},{"year":2016,"cited_by_count":28},{"year":2015,"cited_by_count":17},{"year":2014,"cited_by_count":22},{"year":2013,"cited_by_count":22},{"year":2012,"cited_by_count":14}],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2025-10-10T00:00:00"}